This invention relates to methods of managing personal information and of controlling access thereto, and more particularly to those methods wherein a security measure may be overruled and access to a portion of the personal information may be disclosed under specified circumstances.
One component of the effective delivery of health care is the effective management of medical information. Health care providers have recognized that effective storage, retrieval and management of medical information provides more efficient patient care. More effective management of health related information will generally cause the quality of care to increase by providing treating physicians more complete, timely and accurate information. Full and accurate knowledge of the patient's prior medical history, current medications, drug allergies, recent medical test results, etc. will typically permit the treating physician to diagnose the patient more accurately and more quickly. Additionally, effective access to such information will tend to facilitate the treating physician choosing and performing more accurately and effectively the appropriate medical procedures. Patients may not be able to speak for themselves in an emergency or unconscious condition. Even conscious and alert, many patients may not recall the specifics of their medical history and/or relevant recent treatments. Still fewer patients recall the results of their recent medical tests. Costs may also be reduced by efficient management of medical information by avoiding duplication of tests caused by lack of access to existing test data by the treating physician, or the physician's reluctance to accept the patient's recollections when serious medical consequences may result from misinformation or misdiagnosis. For such reasons, health care providers have invested considerable effort in the technologies related to the computerization and sharing, typically via fax or interactive computer networks, of such medical data and information.
Much of the previous work in connection with computerizing medical information storage and retrieval has been directed to the needs of the care provider. That is, the needs of hospitals and treating physicians have been foremost in the design and implementation of many prior art medical information systems. Recent examples of such systems include the work of Chaco (U.S. Pat. No. 5,465,082) which describes a network data storage and retrieval system for medical information as would typically be implemented in a hospital environment. In addition, the work of Whalen et. al. (U.S. Pat. No. 5,327,341) describes a computerized system for maintaining medical records and for the generation of printed reports from such stored information. Once again, the system is intended for use typically by physicians or related health care providers. The work of Coli (U.S. Pat. No. 4,31 5,309) is likewise directed towards a medical information storage, retrieval and report generating system, typically for use by treating physicians. Storage and retrieval of medical information including certain categorization techniques can be found in the work of Nematbakhsh et. al. (U.S. Pat. No. 5,572,422). Crumpler et. al. (U.S. Pat. No. 5,664,207) describe a system for the sharing of medical or other information among a plurality of users by means of data processing nodes connected temporarily and intermittently to a data processing server.
The medical data storage and retrieval information systems described above typically are developed with the needs of the health care provider in mind. Therefore, the information tends to be that appropriate for the needs of the particular physician, practice group or hospital making use of the system, omitting thereby many relevant items of personal health information. For example, provisions are not typically made in such systems for having access to the patients' living wills, organ donation wishes, authorization for treatment and other documents potentially highly relevant in the course of medical treatment, most urgently in instances when the patient is unable to speak for himself or herself. In addition, the information systems of the prior art most typically are designed for use from a limited number of known locations, typically terminals located at various locations around a treating hospital or other health care facility. Access to the medical records by the patient, or by an unforeseen and unplanned for health care provider in an emergency situation and possibly at very remote locations and at very inconvenient times of day, is not generally provided for in the prior art.
Another approach to providing medical information to the treating physician or other care provider has been to equip the individual patient with appropriate medical information to be carried on his or her person. Such information would typically be of the type that health care providers would need during an emergency situation in which the patient cannot speak for himself or herself. Such techniques include emergency medical bracelets, information cards and the like to inform treating medical personnel of the patient's important medical conditions. For economy of language, we will refer to all such devices carried on or about the patient as "on-person" medical information and medical information systems regardless of the particular medium on which such information is stored and carried.
Perhaps the most common example of such on-person data storage and retrieval is the magnetic strip on credit or similar cards used for carrying limited amounts of data relevant to the purpose for which the card is distributed. A recent example of magnetic strip technology is that of Drexler et. al. (U.S. Pat. No. 5,559,885) and the references cited therein. Such magnetic strip technology is typically used on debit or credit cards, although magnetic strips are appearing on cards for use in connection with parking garages, public transit, copy machines, etc. Such magnetic strips have proven to be a very efficient way to insure that the user has pre-paid for the service or product being delivered, debiting the account information stored on the magnetic strip with the appropriate amount, most commonly at the time the product or service is delivered. Such cards generally eliminate the need for vendor's staff to intervene in the transaction, saving transaction costs. While such cards have demonstrated their endurance and consumer acceptance in everyday commerce, they are typically quite limited in the amount of data which can be stored. Addidonally, specialized equipment is needed to alter the information appearing on the magnetic strip that is not generally available to the user of such cards (intentionally so for most cards, especially those indicating pre-payments). Both of these characteristics are serious disadvantages in using such cards for the storage of personal health information.
Other technologies are available that permit on-person storage of larger amounts of information and, in some cases, convenient alteration of this information by the user. Examples of such on-person devices include "smart cards," which typically means a card in substantially the size and shape of a credit card with information stored thereon in the memory of a microprocessor embedded within the card. Such a smart card may include means to impede access by unauthorized parties, as is described in the work of Takahira (U.S. Pat. No. 4,960,982). An interactive, portable personal data system is described by Lessin et. al. (U.S. Pat. No. 4,868,376) in which numerous items of personal data, including health data, can be stored and carried with the individual in the form of a hand-held computer complete with keyboard and display.
On-person devices for carrying medical information as generally described above have several important drawbacks. The information must accompany the individual or patient everywhere. Continually wearing a bracelet or similar article might be too burdensome for all but the most medically concerned patients. Carrying a card requires the card to be accessible to the treating physician. In emergency situations, the patient's purse or wallet typically containing such cards might not be readily accessible to the treating physician. Also, not all medical emergencies arise with the purse or wallet on the patient's immediate person, as in swimmers, divers, or nighttime emergencies. The additional time and burden of locating such medical information during an emergency often cannot be spared, depriving the treating physician of potentially crucial medical information about the patient. If the medical information is stored on a magnetic strip, the treating physician or care provider must have access to the means to read the information. Even if the card can be promptly read, the information contained thereon is necessarily limited. Even more limited is the information stored as printed text on a medical information bracelet or card.
Not all medical information to which an individual desires access is required for emergency treatment. For example, loss or destruction of corrective eyewear requires access to the patient's prescription for replacement. Serious discomfort would occur to many eyeglass wearers until replacements can be obtained. On-person emergency medical information generally does not include eyeglass prescriptions, being constrained by limited storage capacity to the most critical and potentially life saving information.
The work of Keene (U.S. Pat. No. 5,325,294) describes a phone-in system for the storage and retrieval of information related to an individual's HIV or other medical status, date of most recent test, and frequency of inquiry. Security and authentication features are provided. The individual wishing to make use of this procedure (the "Subject") has his or her HIV test (or other medical test) entered into the computer system and receives a hologram photo-identification card with an account number printed thereon and, separate therefrom, a personal identification number ("PIN number") to be maintained in confidence by the Subject. The invention consists of a technique for the Subject to report the results of the pre-recorded test to a (presumably skeptical) individual in the company of the Subject ("Partner"). The Subject dials the computer storing his or her medical test information, entering the account number and PIN number. The phone is then handed to the Partner along with the Subject's photo-identification card. The computer system recites the account number for verification of the Subject's identity by comparison with the photo and then recites the information the Subject has authorized to be released, typically the test date, result and frequency with which the Subject makes inquiry. While this system allows phone-in access, it provides only limited medical information, requires the physical presence of the photo-identification card, and requires the participation of a conscious and at least minimally functional Subject capable of remembering his or her PIN number; conditions not always pertaining in emergency medical circumstances which are one of the important uses for the present invention.
These and similar on-person medical information storage and retrieval systems need to be updated promptly whenever the medical condition of the patient requires. For example, when prescriptions are changed by the patient's physician, such revised information must be revised on all on-person information lest the treating physician in an emergency not be aware of potentially harmful drug interactions or other conditions. Updating on-person medical information is yet another burden to be undertaken by the patient, and might easily be neglected in the activities of daily life.
Yet another drawback of on-person medical information is that it tends to be of limited extent. Only the most basic medical information can be stored on a bracelet or printed card. "Smart cards" having microprocessors and memory constructed as part of the card alleviate this situation somewhat, typically having significant storage capacity. However, smart cards typically require specialized readers to extract the information, and such readers might not be available in all emergency treatment environments. Smart cards share the disadvantages mentioned above associated with having to accompany the patient everywhere and having to be physically updated.